research-article

Laser Profiling for the Back-Side Fault Attacks: With a Practical Laser Skip Instruction Attack on AES

Authors:

Jakub Breier,

Dirmanto Jap,

Chien-Ning ChenAuthors Info & Claims

CPSS '15: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security

Pages 99 - 103

https://doi.org/10.1145/2732198.2732206

Published: 14 April 2015 Publication History

Get Access

Abstract

Laser fault injection is one of the strongest fault injection techniques. It offers a precise area positioning and a precise timing, allowing a high repeatability of experiments.

In our paper we examine possibilities of laser-induced faults that could lead to instruction skips. After the profiling phase we were able to perform an attack on the last AddRoundKey operation in AES and to retrieve the secret key with just one faulty and correct ciphertext pair. Our experiments show very high degree of repeatability and 100% success rate with correct laser settings.

References

[1]

D. Boneh, R. A. DeMillo, and R. J. Lipton, "On the Importance of Checking Cryptographic Protocols for Faults," in Proceedings of the 16th Annual International Conference on Theory and Application of Cryptographic Techniques, EUROCRYPT'97, (Berlin, Heidelberg), pp. 37--51, Springer-Verlag, 1997.

Digital Library

Google Scholar

[2]

E. Biham and A. Shamir, "Differential fault analysis of secret key cryptosystems," in Advances in Cryptology - CRYPTO '97 (J. Kaliski, Burton, S., ed.), vol. 1294 of Lecture Notes in Computer Science, pp. 513--525, Springer Berlin Heidelberg, 1997.

Digital Library

Google Scholar

[3]

W. Moreno, F. Falquez, and N. Saini, "Fault tolerant design validation through laser fault injection {space-based computing systems}," in Devices, Circuits and Systems, 1998. Proceedings of the 1998 Second IEEE International Caracas Conference on, pp. 132--137, Mar 1998.

Google Scholar

[4]

M. A. Green and M. J. Keevers, "Optical properties of intrinsic silicon at 300 k," Progress in Photovoltaics: Research and Applications, vol. 3, no. 3, pp. 189--192, 1995.

Crossref

Google Scholar

[5]

S. Skorobogatov and R. Anderson, "Optical Fault Induction Attacks," in Cryptographic Hardware and Embedded Systems - CHES 2002 (B. Kaliski, ç. Koç, and C. Paar, eds.), vol. 2523 of Lecture Notes in Computer Science, pp. 2--12, Springer Berlin Heidelberg, 2003.

Digital Library

Google Scholar

[6]

J.-M. Dutertre, A.-P. Mirbaha, D. Naccache, and A. Tria, "Reproducible single-byte laser fault injection," in Ph.D. Research in Microelectronics and Electronics (PRIME), 2010 Conference on, pp. 1--4, July 2010.

Google Scholar

[7]

C. Roscian, A. Sarafianos, J.-M. Dutertre, and A. Tria, "Fault model analysis of laser-induced faults in sram memory cells," in Fault Diagnosis and Tolerance in Cryptography (FDTC), 2013 Workshop on, pp. 89--98, Aug 2013.

Digital Library

Google Scholar

[8]

C. Roscian, J.-M. Dutertre, and A. Tria, "Frontside laser fault injection on cryptosystems - Application to the AES' last round," in Hardware-Oriented Security and Trust (HOST), 2013 IEEE International Symposium on, pp. 119--124, June 2013.

Google Scholar

[9]

F. Courbon, P. Loubet-Moundi, J. Fournier, and A. Tria, "Adjusting laser injections for fully controlled faults," in Constructive Side-Channel Analysis and Secure Design (E. Prouff, ed.), Lecture Notes in Computer Science, pp. 229--242, Springer International Publishing, 2014.

Google Scholar

[10]

F. Courbon, P. Loubet-Moundi, J. Fournier, and A. Tria, "Increasing the efficiency of laser fault injections using fast gate level reverse engineering" in Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on, pp. 60--63, May 2014.

Google Scholar

Cited By

View all

Beigizad ASoleimany HZarei SRamzanipour H(2024)Linked Fault AnalysisIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.332765819(632-645)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3327658
Akbar MShikfa AWang BAmine Bermak a(2024)Self-Checking Hardware Design for Montgomery Exponentiation-Based CryptographyIEEE Access10.1109/ACCESS.2024.344831312(119915-119926)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3448313
Hayashi SSakamoto JChikano MMatsumoto THong Chang CRuhrmair UBatina LForte D(2023)Effective Layout Design for Laser Fault Sensor on FPGAProceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security10.1145/3605769.3623995(103-112)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3605769.3623995
Show More Cited By

Index Terms

Laser Profiling for the Back-Side Fault Attacks: With a Practical Laser Skip Instruction Attack on AES

Recommendations

Testing Feasibility of Back-Side Laser Fault Injection on a Microcontroller
WESS'15: Proceedings of the WESS'15: Workshop on Embedded Systems Security

Laser fault attack platform constitutes a powerful tool for a precise injection of faults into the device, allowing an attacker to carefully adjust timing and position on the chip. On the other hand, the cost of such equipment is high and the profiling ...
Meet-in-the-middle and impossible differential fault analysis on AES
CHES'11: Proceedings of the 13th international conference on Cryptographic hardware and embedded systems

Since the early work of Piret and Quisquater on fault attacks against AES at CHES 2003, many works have been devoted to reduce the number of faults and to improve the time complexity of this attack. This attack is very efficient as a single fault is ...
Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults
FDTC '10: Proceedings of the 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography

The naive implementation of AES is known to be vulnerable to Differential Fault Analysis (DFA). We can findthe key of AES-128 (AES with 128-bit key) with one pair of correct and faulty cipher texts. Recently several works on the extension of the attack ...

Comments

Information & Contributors

Information

Published In

CPSS '15: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security

April 2015

116 pages

ISBN:9781450334488

DOI:10.1145/2732198

General Chair:
Jianying Zhou
I2R, Singapore
,
Program Chairs:
Jianying Zhou
I2R, Singapore
,
Douglas Jones
ADSC, Singapore

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 April 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '15

Sponsor:

SIGSAC

ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security

April 14 - March 14, 2015

Singapore, Republic of Singapore

Acceptance Rates

CPSS '15 Paper Acceptance Rate 9 of 26 submissions, 35%;

Overall Acceptance Rate 43 of 135 submissions, 32%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
338
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)1

Reflects downloads up to 15 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Beigizad ASoleimany HZarei SRamzanipour H(2024)Linked Fault AnalysisIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.332765819(632-645)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3327658
Akbar MShikfa AWang BAmine Bermak a(2024)Self-Checking Hardware Design for Montgomery Exponentiation-Based CryptographyIEEE Access10.1109/ACCESS.2024.344831312(119915-119926)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3448313
Hayashi SSakamoto JChikano MMatsumoto THong Chang CRuhrmair UBatina LForte D(2023)Effective Layout Design for Laser Fault Sensor on FPGAProceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security10.1145/3605769.3623995(103-112)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3605769.3623995
Nishiyama HFujimoto DHayashi YHong Chang CRuhrmair UBatina LForte D(2023)Remote Fault Injection Attack against Cryptographic Modules via Intentional Electromagnetic Interference from an AntennaProceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security10.1145/3605769.3623991(93-102)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3605769.3623991
Zgheib APotin ORigaud JDutertre J(2023)Experimental EMFI detection on a RISC-V core using the Trace Verifier solutionMicroprocessors and Microsystems10.1016/j.micpro.2023.104968103(104968)Online publication date: Nov-2023
https://doi.org/10.1016/j.micpro.2023.104968
McKay SHutchins NBaskerville SShenoi S(2023)Towards Direct-Control Data Acquisition by Nano-Probing Non-Volatile Memory CellsAdvances in Digital Forensics XIX10.1007/978-3-031-42991-0_6(91-122)Online publication date: 19-Oct-2023
https://doi.org/10.1007/978-3-031-42991-0_6
Tehranipoor MNalla Anandakumar NFarahmandi FTehranipoor MAnandakumar NFarahmandi F(2023)Voltage Glitch Attack on an FPGA AES ImplementationHardware Security Training, Hands-on!10.1007/978-3-031-31034-8_12(219-234)Online publication date: 30-Jun-2023
https://doi.org/10.1007/978-3-031-31034-8_12
Gangolli AMahmoud QAzim A(2022)A Systematic Review of Fault Injection Attacks on IoT SystemsElectronics10.3390/electronics1113202311:13(2023)Online publication date: 28-Jun-2022
https://doi.org/10.3390/electronics11132023
Breier JHou XOchoa MSolano J(2022)FooBaR: Fault Fooling Backdoor Attack on Neural Network TrainingIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.3166671(1-1)Online publication date: 2022
https://doi.org/10.1109/TDSC.2022.3166671
Tang HLiu Q(2022)MPFA: An Efficient Multiple Faults-Based Persistent Fault Analysis Method for Low-Cost FIAIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2021.311751241:9(2821-2834)Online publication date: Sep-2022
https://doi.org/10.1109/TCAD.2021.3117512
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Testing Feasibility of Back-Side Laser Fault Injection on a Microcontroller

Meet-in-the-middle and impossible differential fault analysis on AES

Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults